Firefox Vulnerability – known about for 17 years — Psinergy LLC

Firefox Vulnerability – known about for 17 years

While many are considering ditching Google, including its Chrome web browser, over privacy concerns and in response to recent actions, Firefox has been one of the primary alternatives. A recent Firefox exploit demonstration that combines a malicious HTML file, clickjacking, an iframe and SSH bugs may change that. (Proof of Concept video)

While news of another broad-based vulnerability is not surprising, the fact that it’s been known about for 17 years is startling! Put simply, it’s now known that this weakness allows a hacker to access all files in the folder that contains the malicious HTML file you unwittingly downloaded and didn’t realize you clicked on, along with its subfolders. Previously this was not seen as an issue; it was part of the SOP (Same-Origin Policy, which is considered a critical security mechanism) behavior that allows scripts to access files in the same local location, speeding things up for your browsing pleasure. This is now a major issue after a researcher, Barak Tawily, found a way to remotely gain access to these files, steal them and transfer them to a remote server. While Barak is the first to publicly disclose this vulnerability, who’s to say that others haven’t used it in the past? In 2015 a similar vulnerability within SOP was found being used in the wild.
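To make the "same folder and its subfolders" scope concrete, here is an added example (not Firefox code and not from the researcher) that models the rule as this article describes it and lists which local files would sit inside that scope. The function names and all file paths are hypothetical, constructed samples.

```javascript
// Added illustration: a model of the file:// same-origin rule described in
// this article, NOT Firefox source code. All paths are constructed samples.

// Directory part of a file: URL's path, always ending in "/".
function directoryOf(fileUrl) {
  const path = fileUrl.pathname;
  return path.slice(0, path.lastIndexOf("/") + 1);
}

// True when `target` falls inside the scope of `doc` under the described
// rule: the document's own folder, or any subfolder of it.
function reachableFrom(doc, target) {
  const docUrl = new URL(doc);
  // Resolving against the document normalises "../" and relative references,
  // so a path that climbs out of the folder is judged by where it ends up.
  const targetUrl = new URL(target, docUrl);
  if (docUrl.protocol !== "file:" || targetUrl.protocol !== "file:") {
    return false;
  }
  // The prefix ends in "/", so a sibling folder named "Downloads2" does not
  // match "Downloads".
  return targetUrl.pathname.startsWith(directoryOf(docUrl));
}

// Of the given files, list those inside the scope of a page opened from `doc`.
function exposedFiles(doc, files) {
  return files.filter((f) => f !== doc && reachableFrom(doc, f));
}

// Constructed sample: an HTML file saved to a typical downloads folder.
const sampleDoc = "file:///home/alice/Downloads/invoice.html";
const sampleFiles = [
  "file:///home/alice/Downloads/invoice.html",
  "file:///home/alice/Downloads/bank-statement.pdf",
  "file:///home/alice/Downloads/taxes/2018.pdf",
  "file:///home/alice/Downloads2/notes.txt",
  "file:///home/alice/.ssh/id_rsa",
  "https://example.com/index.html",
];

console.log(exposedFiles(sampleDoc, sampleFiles));
```

The scope depends entirely on where the HTML file is saved: in this model, the same file saved directly in `/home/alice/` would put everything under the home directory in scope, while one saved in an otherwise empty folder would expose nothing.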

The response from Mozilla seemed to downplay the risk and leads one to believe there are no plans to fix the issue. So, what can you do? At this point, it’s best to just not use Firefox until they find a way to fix this. Why? Just going to a website that contains the malicious HTML file can easily fool a person into clicking on things, like something that looks like, but is not actually, one of those “Do you want to allow this site to give notifications?”, “Allow/Deny” prompts (kind of like the one you likely clicked when you accessed this article – and no, we didn’t code ours to be malicious…). Just clicking that can give the hacker access, and you’re none the wiser.

For more in-depth information: https://thehackernews.com/2019/07/firefox-same-origin-policy-hacking.html
